http://www.eweek.com/article2/0,1895,2246830,00.asp
By Ryan Naraine
eWEEK.com
January 8, 2008
Microsoft has issued a high-priority security update to fix a pair of
"critical" flaws that expose Windows users to remote code execution
attacks.
The Redmond, Wash. software giant's first batch of patches for 2008
includes a fix for at least two vulnerabilities in TCP/IP (Transmission
Control Protocol/Internet Protocol) processing.
The bugs, rated critical for all supported versions of Windows XP and
Windows Vista, could be exploited by remote attackers to "take complete
control of an affected system," Microsoft warned in its MS08-001
bulletin.
In worst-case scenarios, Microsoft said attackers could hijack Windows
XP and Vista systems to install programs; view, change, or delete data;
or create new accounts with full user rights.
The TCP/IP bulletin affects Windows Server 2003 Windows 2000 but the
severity rating is downgraded for those operating systems.
The most serious of the two bugs, discovered and reported by researchers
at IBM's ISS X-Force, is a remote code execution vulnerability in the
way the Windows kernel handles TCP/IP structures storing the state of
IGMPv3 and MLDv2 queries.
"An anonymous attacker could exploit the vulnerability by sending
specially crafted IGMPv3 and MLDv2 packets to a computer over the
network," Microsoft warned. Although this makes the vulnerability
wormable, several anti-exploitation mechansisms built into Windows Vista
and the presence of a firewall turned on by default in Windows XP means
there is little likelihood of a remote network worm affecting Windows
users.
The second vulnerability in the MS08-001 bulletin is described as a
denial-of-service issue in the way the Windows Kernel processes
fragmented router advertisement ICMP queries.
It's important to note that ICMP Router Discovery Protocol (RDP) is not
enabled by default and is required in order to exploit this
vulnerability.
However, on Windows 2003 Server and on Windows XP, Microsoft warned that
RDP can be turned on by a setting in DHCP or by a setting in the
registry. Also, on Windows 2000, RDP can be turned on by a setting in
the registry.
Microsoft said an anonymous attacker could exploit the vulnerability by
sending specially crafted ICMP packets to a computer over the network,
causing the computer to stop responding and automatically restart.
The company also shipped MS08-002, an "important" bulletin that patches
a privilege elevation flaw in the in the Microsoft Windows Local
Security Authority Subsystem Service (LSASS).
The LSASS bug, which was found by Thomas Garnier of SkyRecon, affects
Windows 2000, Windows XP and Windows Server 2003. Windows Vista is not
affected.
__________________________________________________________________
Visit InfoSec News
http://www.infosecnews.org/